Privacy Policy
Effective July 6, 2026 · Forge is a service of Harvey Creative (Lindale, Texas, USA).
The short version
Forge helps your business run its marketing. To do that, you connect accounts (Google, Meta, Stripe, Klaviyo) and we read your marketing data to analyze it, and — only with your approval — make changes on your behalf. We don't sell your data, we don't show ads, and we only collect what the product needs to work.
What we collect
- Account details: your name, email address, and password (stored as a salted hash — we can't read it).
- Business profile: the brand guide you build — your business description, services, customers, brand voice, and images/logo you upload or that we pull from your public website at your request.
- Connected account data: when you connect Google, Meta, Stripe, or Klaviyo, we receive access tokens and read marketing data — ad campaigns and performance, website analytics, search performance, business listing stats, reviews, email campaign stats, and payment totals. We fetch what the dashboards and analysis need, nothing more.
- Leads: if you use Forge landing pages, we store the contact details people submit (name, email, phone, message) on your behalf. That data belongs to you.
- Usage records: logs of the work Forge performs for you (reviews, proposals, approved changes) so you always have an audit trail.
How we use it
- To show your marketing performance in one dashboard.
- To analyze your marketing and produce plain-English findings, recommendations, and plans. Analysis is performed with the help of AI models (Anthropic's Claude); the data shared for analysis is limited to your business profile and your marketing metrics.
- To carry out changes you explicitly approve (for example creating or pausing ads, drafting content, or updating budgets within strict guardrails).
- To notify you (for example when a new lead arrives).
Google user data
Forge's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically: we only use Google data (Google Ads, Analytics, Search Console, Business Profile, YouTube) to provide the marketing features you see in the app; we don't transfer it to third parties except as needed to provide those features, as required by law, or with your explicit consent; we don't use it for advertising targeting of our own; and humans don't read it except with your permission, for security, or to comply with law.
Meta platform data
Data received from Meta (Facebook and Instagram) is used solely to display and manage your own pages and ad accounts inside Forge, per the Meta Platform Terms. We never post, spend, or change anything without your approval.
How we protect it
- All access tokens and API keys are encrypted at rest (AES-256-GCM) and in transit (TLS).
- Your data is isolated per business account; every read and write is scoped to your account.
- Payment card details never touch our servers — billing is handled by Stripe.
Sharing
We use a small set of service providers to run Forge: hosting and database (Railway), AI analysis (Anthropic), email delivery (Resend), and payments (Stripe). Each receives only what it needs to perform its function. We do not sell or rent your data to anyone.
Deleting your data
You can disconnect any provider at any time in Settings — that removes its tokens immediately. To delete your account and all associated data (including data received from Google or Meta), email team@harveycreative.cofrom your account email with the subject "Delete my Forge account" and we'll complete the deletion within 30 days and confirm. This page also serves as our data deletion instructions for Meta platform users.
Changes
If this policy changes materially we'll email account holders before the change takes effect. Questions: team@harveycreative.co.